CVE-2019-5434

CRITICAL EXPLOITED NUCLEI

revive_adserver < 4.2.0 - Remote Code Execution via XML-RPC Unserialize

Title source: llm

Exploitation Summary

CVE-2019-5434 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including crlf. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages PHP object injection in Revive Adserver to achieve remote code execution by crafting a malicious serialized payload sent via XML-RPC to the adxmlrpc.php endpoint. It writes arbitrary PHP code to a file in the plugins directory, enabling RCE.

Description

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.

Exploits (1)

exploitdb WORKING POC

by crlf · phpwebappsphp

https://www.exploit-db.com/exploits/47739

View Code ZIP pw:eip

This exploit leverages PHP object injection in Revive Adserver to achieve remote code execution by crafting a malicious serialized payload sent via XML-RPC to the adxmlrpc.php endpoint. It writes arbitrary PHP code to a file in the plugins directory, enabling RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Revive Adserver 4.1.x <= 4.2 RC1

No auth needed

Prerequisites: Target must have Revive Adserver 4.1.x to 4.2 RC1 installed · XML-RPC endpoint (adxmlrpc.php) must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Revive Adserver 4.2 - Remote Code Execution

CRITICALVERIFIEDby omarjezi

Shodan: http.favicon.hash:106844876 || http.title:"revive adserver"

FOFA: icon_hash=106844876 || title="revive adserver"

References (4)

Core 4

Core References

Third Party Advisory x_refsource_misc

https://hackerone.com/reports/512076

Third Party Advisory x_refsource_misc

https://hackerone.com/reports/542670

Vendor Advisory x_refsource_misc

https://www.revive-adserver.com/security/revive-sa-2019-001/

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.5702

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2026-03-09

CWE

CWE-502

Status published

Products (1)

revive-sas/revive_adserver < 4.2.0

Published May 06, 2019

Tracked Since Feb 18, 2026